accesslib: Introduce (and use) reload_all_capabilities()

If accessinfo is stale, we need to reload it without losing out "interesting" state -- transparently for the end user. That means preserving active role switches, loginas (site and course level), etc. The logic for that is encapsulated in reload_all_capabilities(). Also affected: - has_capability() which now calls reload_all_capabilities() - role_switch() - minor tidyup
2025-01-19 14:27:22 +01:00 · 2007-09-19 07:11:18 +00:00 · 2007-09-19 07:11:18 +00:00 · ef989bd95e
commit ef989bd95e
parent 2123166d62
1 changed files with 43 additions and 7 deletions
--- a/lib/accesslib.php
+++ b/lib/accesslib.php
@ -417,10 +417,13 @@ function has_capability($capability, $context=NULL, $userid=NULL, $doanything=tr
        $clean = false;
    }
    if (!$clean) {
-        // TODO: reload all capabilities but
-        // preserve loginas, roleswitches, etc
+        // reload all capabilities - preserving loginas, roleswitches, etc
+        // and then cleanup any marks of dirtyness... at least from our short
+        // term memory! :-)
+        reload_all_capabilities();
+        $DIRTYCONTEXTS = array();
+        $clean = true;
    }
-
    
    // divulge how many times we are called
    //// error_log("has_capability: id:{$context->id} path:{$context->path} userid:$userid cap:$capability");
@ -1502,6 +1505,7 @@ function load_user_accessdata($userid) {
    $ACCESS[$userid] = $access;
    return true;
 }
+
 /**
 *  A convenience function to completely load all the capabilities 
 *  for the current user.   This is what gets called from login, for example.
@ -1570,6 +1574,37 @@ function load_all_capabilities() {
    $USER->access['time'] = time();
 }

+/**
+ * A convenience function to completely reload all the capabilities 
+ * for the current user when roles have been updated in a relevant
+ * context -- but PRESERVING switchroles and loginas. 
+ *
+ * That is - completely transparent to the user.
+ * 
+ * Note: rewrites $USER->access completely.
+ *
+ */
+function reload_all_capabilities() {
+    global $USER,$CFG;
+
+    error_log("reloading");
+    // copy switchroles
+    $sw = array();
+    if (isset($USER->access['rsw'])) {
+        $sw = $USER->access['rsw'];
+        error_log(print_r($sw,1));
+    }
+
+    unset($USER->access);
+    
+    load_all_capabilities();
+
+    foreach ($sw as $path => $roleid) {
+        $context = get_record('context', 'path', $path);
+        role_switch($roleid, $context);
+    }
+
+}

 /**
 * Check all the login enrolment information for the given user object
@ -4298,6 +4333,11 @@ function role_switch($roleid, $context) {
    // To un-switch just unset($USER->access['rsw'][$path])
    // 

+    // Add the switch RA
+    if (!isset($USER->access['rsw'])) {
+        $USER->access['rsw'] = array();
+    }
+
    if ($roleid == 0) {
        unset($USER->access['rsw'][$context->path]);
        if (empty($USER->access['rsw'])) {
@ -4306,10 +4346,6 @@ function role_switch($roleid, $context) {
        return true;
    }

-    // Add the switch RA
-    if (!isset($USER->access['rsw'])) {
-        $USER->access['rsw'] = array();
-    }
    $USER->access['rsw'][$context->path]=$roleid;
    
    // Load roledefs